It works, Thank you very much Konstantin Kolinko! I disabled APR by following these steps: a) remove bin\tcnative-1.dll b) remove <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> line from server.xml.
c) remove 'protocol="http11.Http11AprProtocol"' from server.xml's Connector , changed as follow: <Connector port="443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/server.keystore" keystorePass="test" truststoreFile ="conf/client.keystore" truststorePass="test"/> then https://localhost/ can open. and my question is what is the configurations with OpenSSL library (called through APR/Tomcat-Native). I have read the http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#SSL_and_Tomcat but it seems not have the configurations of APR, Can you give me the docs link you metioned? or send to my email: sc...@222m.net, Thanks! 在 2010年11月24日 上午9:54,Konstantin Kolinko <knst.koli...@gmail.com>写道: > 2010/11/24 Scott Li <scott...@gwghk.com>: > > 信息: Loaded APR based Apache Tomcat Native library 1.1.20. > > 010-11-24 9:36:38 org.apache.catalina.core.AprLifecycleListener init > > 信息: APR capabilities: IPv6 [true], sendfile [true], accept filters > [false], > > random [true]. > > 010-11-24 9:36:38 org.apache.coyote.http11.Http11AprProtocol init > > As mentioned in the docs, there are two SSL implementations that can > be used by Tomcat: > - one provided by Java runtime, > - another provided by OpenSSL library (called through APR/Tomcat-Native). > > Their configurations are very different. > > The above log fragment shows that you are using the APR one. > > > To configure it correctly: > see docs. > > To disable it: > a) remove bin\tcnative-1.dll > b) remove <Listener > className="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> line from server.xml. > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > Thanks & Regards, Scott Li